[libvirt] Enhancement: Random Clock Offset

Daniel P. Berrange berrange at redhat.com
Wed Mar 2 10:22:01 UTC 2016


On Wed, Mar 02, 2016 at 11:09:20AM +0100, Martin Kletzander wrote:
> On Tue, Mar 01, 2016 at 07:51:48PM +0000, bancfc at openmailbox.org wrote:
> >For better system anonymity (to decouple VM OS timestamps leaked in
> >traffic from host ones) a feature can be added to the clock offset
> >variable to select randomly from a specified range of seconds
> >instead of a fixed number of seconds. That way a guest's clock can vary
> >unpredictably from the host's and confuse correlation by network
> >adversaries.
> >
> >Full Disclosure: I am from the Tor-centric Whonix Project - whonix.org
> >and this would be a very useful feature for us.
> >
> 
> Interesting idea.  Should this be automated, I would expect this to be
> done above libvirt, using libvirt's APIs.  Particularly virDomainSetTime
> [1] could be of use.  There's a virsh command for that as well, called
> domtime that can be called from a script.

Agreed, this feature is really a specific usage policy. Libvirt aims to
focus on providing mechanism, letting specific policies be implemented
by the management applications using libvirt. We already allow the time
offset to be set to an arbitrary number of seconds, so apps starting a
guest can change that value as desired each time. So I don't think
there is anything we should do in libvirt for this.


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
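
The policy-above-libvirt approach described in this reply, as an added example that is not part of the original thread and is not libvirt's own code: a management script picks a fresh offset from a CSPRNG before each guest start and writes it into the domain XML's `<clock offset='variable'>` element. The function names, the ±3600 second range and the sample domain XML are constructed assumptions.

```python
import secrets
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not taken from the thread).
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>example-guest</name>
  <clock offset='utc'>
    <timer name='rtc' tickpolicy='catchup'/>
  </clock>
</domain>"""


def pick_offset(min_s, max_s):
    """Return an offset in [min_s, max_s] seconds (inclusive) from the OS CSPRNG.

    secrets is used instead of random so the value is not predictable
    from earlier offsets observed by a network adversary.
    """
    if min_s > max_s:
        raise ValueError("min_s must not exceed max_s")
    return min_s + secrets.randbelow(max_s - min_s + 1)


def randomize_clock(domain_xml, min_s, max_s):
    """Rewrite <clock> to offset='variable' with a fresh random adjustment.

    Existing <timer> children are kept; <clock> is created if absent.
    Returns (new_xml, chosen_adjustment_in_seconds).
    """
    root = ET.fromstring(domain_xml)
    clock = root.find("clock")
    if clock is None:
        clock = ET.SubElement(root, "clock")
    adjustment = pick_offset(min_s, max_s)
    # Drop attributes that belong to other offset modes (e.g. timezone=...).
    clock.attrib.clear()
    clock.set("offset", "variable")
    clock.set("adjustment", str(adjustment))
    clock.set("basis", "utc")
    return ET.tostring(root, encoding="unicode"), adjustment


if __name__ == "__main__":
    new_xml, chosen = randomize_clock(SAMPLE_DOMAIN_XML, -3600, 3600)
    print(f"chosen adjustment: {chosen} s")
    print(new_xml)
```

The returned XML is what the management application would hand to its usual define-and-start path; calling `randomize_clock` again before every start gives each boot a different offset.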